[Bug 716641] Re: CVE-2010-4257: SQL Injection from trackback functions
Artur Rona
ari-tczew at ubuntu.com
Sun Feb 13 13:14:42 UTC 2011
wordpress (3.0.2-1ubuntu1) natty; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/apache.conf:
+ Changed to use /var/www instead of /srv/www for virtual webroot.
- debian/setup-mysql:
+ Changed to use /var/www instead of /srv/www.
-- Artur Rona <ari-tczew at ubuntu.com> Sat, 11 Dec 2010 14:57:22 +0100
** Also affects: wordpress (Ubuntu Natty)
Importance: Undecided
Status: Confirmed
** Changed in: wordpress (Ubuntu Natty)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is a direct subscriber.
https://bugs.launchpad.net/bugs/716641
Title:
CVE-2010-4257: SQL Injection from trackback functions
Status in “wordpress” package in Ubuntu:
Fix Released
Status in “wordpress” source package in Lucid:
New
Status in “wordpress” source package in Maverick:
New
Status in “wordpress” source package in Natty:
Fix Released
Status in “wordpress” package in Debian:
Unknown
Status in “wordpress” package in Fedora:
Unknown
Bug description:
Binary package hint: wordpress
SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote
authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.
More information about the Ubuntu-sponsors
mailing list